All the latest UK technology news, reviews and analysis

EU approves stricter laws for punishing cyber crooks and botnet creators

05 Jul 2013

The European Parliament has voted in a new directive designed to increase the maximum sentences hackers can receive.

The legislation focuses on attacks designed to harm areas of critical national infrastructure or hijack company computer systems. Under the draft reform attacks on areas of critical infrastructure can now carry a maximum sentence of five years, while attempts to illegally access information systems can accrue a two year sentence in all European Union member states.

The directive also address Europe's growing Botnet problem. "When a significant number of information systems have been affected through the use of a tool (eg botnets) there is a maximum penalty of at least three years," reads the Commission's report on the legislation.

Botnets have been a massive issue across the world for many years now. The operations enslave computers using various malwares, letting hackers steal control of them and use them for a variety of nefarious schemes, including denial of service attacks and phishing scams.

Numerous technology firms, including Microsoft, have mounted joint operations with law enforcement to take down the zombie networks command and control servers. Most recently Microsoft teamed up with the FBI to take down the Citadel botnet. At its peak the botnet is believed to have controlled millions of infected PCs and stolen more than $500m in bank fraud.

Interestingly the move will allow nation states to take action against businesses selling botnet and hacking tools as well as those using them. It will also grant law enforcement the power to punish firm's paying or hackers to use the tools to steal information for them.

The Parliament in Strasbourg approved the legislation with a final vote count of 541 to 91 with nine abstentions on the proposal by the European Commission. Only Denmark has chosen to opt out of the rules preferring to keep its current cyber legislation. Other participating governments will now have two years to translate the decision into national law.

The news has been welcomed by European Commission, with Commissioner for Home Affairs, Cecilia Malmström said the move is a key step in the European Commission and Parliament's ongoing efforts to bolster the region's cyber defences.

"This is an important step to boost Europe's defences against cyber-attacks [...] The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions. Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks, hence improving European justice and police cooperation," she said.

However, in the private sector many security companies have been less positive. Alienvault research team engineer, Conrad Constantine said the legislation will cause more harm than good as the people creating it do not understand cyber threats.

"Cybercrime is an oxymoron - we already have a word for it - 'Crime' - the reason 'cyber crimes' are criminal acts, is because they were criminal acts before computers were involved. Every time law tries to encode some particular use of technology into law, the result is inevitably fair poorly for civilians," he said.

"This is not to say that there are not edge cases that require some extension - determining how to prosecute a botnet operator may be difficult under current law, but not impossible, since whatever (existing) crimes the botnet is being used for, the botnet operator is complicit in. Having said that, more laws do not capture more criminals, they only turn more people into criminals."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Director of E-Learning

Director of E-Learning Start date: As soon as possible...

Graduate Software Developer

Are you looking for a software development role? Would...

International Sales Manager

International Sales Manager Location either Delft...

Cisco CCNA/CCNP Voice Engineer | Cisco Gold Partner

Cisco CCNA/CCNP Voice Engineer The Role: The...
To send to more than one email address, simply separate each address with a comma.